Ejemplo n.º 1
0
 def setUp(self):
     super(PolicyTestCase, self).setUp()
     rules = [
         oslo_policy.RuleDefault("true", '@'),
         oslo_policy.RuleDefault("test:allowed", '@'),
         oslo_policy.RuleDefault("test:denied", "!"),
         oslo_policy.RuleDefault("test:my_file",
                                 "role:compute_admin or "
                                 "project_id:%(project_id)s"),
         oslo_policy.RuleDefault("test:early_and_fail", "! and @"),
         oslo_policy.RuleDefault("test:early_or_success", "@ or !"),
         oslo_policy.RuleDefault("test:lowercase_admin",
                                 "role:admin"),
         oslo_policy.RuleDefault("test:uppercase_admin",
                                 "role:ADMIN"),
         oslo_policy.RuleDefault("old_action_not_default", "@"),
         oslo_policy.RuleDefault("new_action", "@"),
         oslo_policy.RuleDefault("old_action_default", "rule:admin_api"),
     ]
     policy.reset()
     policy.init()
     # before a policy rule can be used, its default has to be registered.
     policy._ENFORCER.register_defaults(rules)
     self.context = context.RequestContext('fake', 'fake', roles=['member'])
     self.target = {}
     self.addCleanup(policy.reset)
Ejemplo n.º 2
0
 def setUp(self):
     super(PolicyTestCase, self).setUp()
     rules = [
         oslo_policy.RuleDefault("true", '@'),
         oslo_policy.RuleDefault("test:allowed", '@'),
         oslo_policy.RuleDefault("test:denied", "!"),
         oslo_policy.RuleDefault("test:my_file",
                                 "role:compute_admin or "
                                 "project_id:%(project_id)s"),
         oslo_policy.RuleDefault("test:early_and_fail", "! and @"),
         oslo_policy.RuleDefault("test:early_or_success", "@ or !"),
         oslo_policy.RuleDefault("test:lowercase_admin",
                                 "role:admin"),
         oslo_policy.RuleDefault("test:uppercase_admin",
                                 "role:ADMIN"),
         oslo_policy.RuleDefault("old_action_not_default", "@"),
         oslo_policy.RuleDefault("new_action", "@"),
         oslo_policy.RuleDefault("old_action_default", "rule:admin_api"),
     ]
     policy.reset()
     policy.init()
     # before a policy rule can be used, its default has to be registered.
     policy._ENFORCER.register_defaults(rules)
     self.context = context.RequestContext('fake', 'fake', roles=['member'])
     self.target = {}
     self.addCleanup(policy.reset)
Ejemplo n.º 3
0
 def setUp(self):
     super(VolumeTenantAttributeTest, self).setUp()
     self.mock_object(volume.api.API, 'get', fake_volume_get)
     self.mock_object(volume.api.API, 'get_all', fake_volume_get_all)
     self.UUID = uuid.uuid4()
     policy.reset()
     policy.init()
     self.addCleanup(policy.reset)
Ejemplo n.º 4
0
 def setUp(self):
     super(VolumeTenantAttributeTest, self).setUp()
     self.mock_object(volume.api.API, 'get', fake_volume_get)
     self.mock_object(volume.api.API, 'get_all', fake_volume_get_all)
     self.UUID = uuid.uuid4()
     policy.reset()
     policy.init()
     self.addCleanup(policy.reset)
Ejemplo n.º 5
0
 def setUp(self):
     super(ContextAuthorizeTestCase, self).setUp()
     rules = [
         oslo_policy.RuleDefault("test:something",
                                 "project_id:%(project_id)s"),
     ]
     policy.reset()
     policy.init()
     # before a policy rule can be used, its default has to be registered.
     policy._ENFORCER.register_defaults(rules)
     self.context = context.RequestContext(user_id='me',
                                           project_id='my_project')
     self.addCleanup(policy.reset)
Ejemplo n.º 6
0
    def test_modified_policy_reloads(self):
        with utils.tempdir() as tmpdir:
            tmpfilename = os.path.join(tmpdir, 'policy')
            self.fixture.config(policy_file=tmpfilename, group='oslo_policy')
            policy.reset()
            policy.init()
            rule = oslo_policy.RuleDefault('example:test', "")
            policy._ENFORCER.register_defaults([rule])

            action = "example:test"
            with open(tmpfilename, "w") as policyfile:
                policyfile.write('{"example:test": ""}')
            policy.authorize(self.context, action, self.target)
            with open(tmpfilename, "w") as policyfile:
                policyfile.write('{"example:test": "!"}')
            policy._ENFORCER.load_rules(True)
            self.assertRaises(exception.PolicyNotAuthorized, policy.authorize,
                              self.context, action, self.target)
Ejemplo n.º 7
0
    def test_modified_policy_reloads(self):
        with utils.tempdir() as tmpdir:
            tmpfilename = os.path.join(tmpdir, 'policy')
            self.fixture.config(policy_file=tmpfilename, group='oslo_policy')
            policy.reset()
            policy.init()
            rule = oslo_policy.RuleDefault('example:test', "")
            policy._ENFORCER.register_defaults([rule])

            action = "example:test"
            with open(tmpfilename, "w") as policyfile:
                policyfile.write('{"example:test": ""}')
            policy.authorize(self.context, action, self.target)
            with open(tmpfilename, "w") as policyfile:
                policyfile.write('{"example:test": "!"}')
            policy._ENFORCER.load_rules(True)
            self.assertRaises(exception.PolicyNotAuthorized,
                              policy.authorize,
                              self.context, action, self.target)